On Wednesday (19 December 2018), Philip Martin, the VP of Security at crypto exchange Coinbase, provided a "behind the scenes look" at how his company recently carried out quietly possibly the world's largest ever migration of cryptoassets: "5% of all BTC, 8% of all ETH and 25% of all LTC in circulation (among many other assets)."
This on-chain migration was completed last week:
"... we successfully completed an on-blockchain migration of approximately $5 Billion (as valued the week ending Dec. 7, 2018) of cryptocurrency from Generation Three to Generation Four of our cold storage infrastructure. To our knowledge, this is the largest movement of cryptocurrency (certainly in USD terms, potentially in absolute terms) ever undertaken."
In his blog post, Martin explained that Coinbase stores "98% or more" of customers' digital assets in cold (i.e. "offline") storage, and that "Coinbase’s cold storage has gone through a number of evolutions through the years as the cryptocurrency space has evolved and matured."
He then explained what he meant by cold storage:
"Cold storage can cover a number of storage techniques, ranging from HSMs to bunkers in the Swiss Alps. Assets placed in cold storage are completely offline and disconnected from any automated system. As with many terms in a rapidly developing industry like cryptocurrency, there is no clear standard for cold storage."
"Coinbase’s standard for truly cold storage is that multiple geographically separated humans in the real world should be forced to perform physical actions to enable a transaction after reviewing transaction details. If that isn’t true, we don’t think it’s actually cold storage."
Over the past six years, there have been four generations of Coinbase's cold storage solution. Generation One was just "some USB drives (and paper backups) stored in a safe deposit box at a local bank."
The latest generation, Generation Four, which went live at the same time as Coinbase Custody, starts with "a secure foundation with a highly controlled and audited key generation process" and continues with "a globally distributed key storage and transaction approval system."
Here are the two main benefits of this new system:
- protection "against key loss, key misuse (including insider threat and application level attacks)"
- support for "world class key governance and audit while being currency agnostic"
Next, Martin explained why the crypto migration process took months of planning:
"We began planning months before the actual move date and involved almost every team at Coinbase in the process. We conducted risk assessments, honed monitoring plans and conducted test migrations until we were positive that the live migration would go off without a hitch."
He then says that one of their biggest worries was that either the migration would "be mistaken for an exchange breach or a large trader preparing to sell a significant amount of cryptocurrency" (in fact, the latter is what most people in the crypto thought might be happening), and that their concern was that "the market uncertainty would result in price movements." Another major worry was that "giving potential attackers too much notice would let them plan for and execute attacks during the migration."
So, what they did was to publish on 29 November 2018, shortly before the migration process (which lasted four days) was started, a blog post titled "Notice of blockchain movements" that simply stated:
"Over the next seven days, Coinbase will be running scheduled maintenance across our platform that may cause movements on all Coinbase-supported blockchains. These are controlled, closely monitored movements that are being performed in order to provide enhanced security and protection for our customers. Updates will be posted to status.coinbase.com, status.pro.coinbase.com and status.prime.coinbase.com."
The idea was to "to calm fears without giving away too much information."
Finally, Martin explained what happened after this blog post was published:
"... we proceeded to restore our existing cold storage addresses one by one, waiting until the previous address had been swept to the new cold storage before moving the next address."
All Images Courtesy of Coinbase